From patchwork Wed Sep 23 17:28:24 2020
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Zhao Zhili <quinkblack@foxmail.com>
X-Patchwork-Id: 22565
Return-Path: <ffmpeg-devel-bounces@ffmpeg.org>
X-Original-To: patchwork@ffaux-bg.ffmpeg.org
Delivered-To: patchwork@ffaux-bg.ffmpeg.org
Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org [79.124.17.100])
	by ffaux.localdomain (Postfix) with ESMTP id 5DAFD44ABCD
	for <patchwork@ffaux-bg.ffmpeg.org>; Wed, 23 Sep 2020 20:28:39 +0300 (EEST)
Received: from [127.0.1.1] (localhost [127.0.0.1])
	by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id 2439368B4DA;
	Wed, 23 Sep 2020 20:28:39 +0300 (EEST)
X-Original-To: ffmpeg-devel@ffmpeg.org
Delivered-To: ffmpeg-devel@ffmpeg.org
Received: from qq.com (out203-205-221-209.mail.qq.com [203.205.221.209])
 by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id 7B48768B1FD
 for <ffmpeg-devel@ffmpeg.org>; Wed, 23 Sep 2020 20:28:32 +0300 (EEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=foxmail.com;
 s=s201512; t=1600882108;
 bh=qxDgdngdWRtwjlomPtaZxxcWGdSVBR8FEOwLA6xsEl0=;
 h=From:To:Cc:Subject:Date;
 b=KYuhgXoI269o+oDRJgyOrybnEFxsudPVI/aDfHBldTGWR+jR013EU3Acdj6vp9ZmA
 W92JLZ99+OqymwC0AyRn0jBbhAtTVkNqn3hds97+c7J5DW5vgiyPaMkwv2T9ya/HbM
 4NwNEM9JclLbCMZf0nULCC4YEQhzOjXSDnxJ2Lts=
Received: from localhost.localdomain ([27.46.80.13])
 by newxmesmtplogicsvrsza6.qq.com (NewEsmtp) with SMTP
 id 71A3C027; Thu, 24 Sep 2020 01:28:26 +0800
X-QQ-mid: xmsmtpt1600882106tcec5bber
Message-ID: <tencent_2B6559F309484B33E4537E15D80903CEA705@qq.com>
X-QQ-XMAILINFO: OEArAL79m7TBTvi0fLmOsm2T13BiHZNXao6Puv89+y9PT+vqQTKd5jkpNKspqn
 o1Ozc2piPRZthfNNtT1Klx7YIFTqtg08xVvg6gwE3VAwpPJGNsxiFYtw+M8R8WdpWzKS2PZNS6G5
 5R8q3e01rqx8xzBifo57H24fGUZcupCrd5jeDqDWiPR+sEJnLMqaYb3PQTu5nzd9wYiPMjM0vWd5
 wdgnIqdJ7h6vxfJv3H6l2Sk7bAAAoe06fQrG6MJ7pcGeDXsbwYCZ5l682cFCNA/bKb2YfZING4pA
 OVGYnCdv1zXk/SFO+2f8EZWfGEu8pF1rASy7C+IdN9mnhFc1/O3U/n5wEqZvGNhaPWvt4VSsRx5v
 r1tOdr7WheJ8upqiOqG1tGFkULs5BvQkWQPemq8lXF8JQM++AeIUpyQytkBeJYa+fFwSEmXKRt4D
 OsTuE47Esb5/tyj5hyKiQv4YkMl5V0OsIK2wJ2fCTnegl7T0wLhel8D10empZ5SaMDZoqFT3M88/
 sMd6SwFJMJonwS0TEWjcN5C7A5My179lhZjWrRvYpk2z6GKISQuvYQFdey03YNse3MMEHzu9LZXv
 oFkj6q+Ja1IK28WKxB2UWiB0yAB0qBdLTvwGWO8pLaiS3ltxC4l9s0uhJ619j05Bdd9DNQjV//i6
 m2lzm08lMMpGnJ8SfnW/9drixhrADMzCwH4l7GsFh15FZjkoQTU9CBEgPWy4dLQwQ/PJifmYE/zr
 cB3hUoeN5r6K1mjA1ETAZa+hvcdT8YOAuiFVC/bDN9GRBFZxUwsbarfQJqCRbVIHt61RKVucBstU
 QXBxF91Jul0w==
From: Zhao Zhili <quinkblack@foxmail.com>
To: ffmpeg-devel@ffmpeg.org
Date: Thu, 24 Sep 2020 01:28:24 +0800
X-OQ-MSGID: <20200923172824.154813-1-quinkblack@foxmail.com>
X-Mailer: git-send-email 2.25.1
MIME-Version: 1.0
Subject: [FFmpeg-devel] [PATCH] avformat/mov: make better use of
	av_fast_realloc and fix spurious ENOMEM
X-BeenThere: ffmpeg-devel@ffmpeg.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: FFmpeg development discussions and patches <ffmpeg-devel.ffmpeg.org>
List-Unsubscribe: <https://ffmpeg.org/mailman/options/ffmpeg-devel>,
 <mailto:ffmpeg-devel-request@ffmpeg.org?subject=unsubscribe>
List-Archive: <https://ffmpeg.org/pipermail/ffmpeg-devel>
List-Post: <mailto:ffmpeg-devel@ffmpeg.org>
List-Help: <mailto:ffmpeg-devel-request@ffmpeg.org?subject=help>
List-Subscribe: <https://ffmpeg.org/mailman/listinfo/ffmpeg-devel>,
 <mailto:ffmpeg-devel-request@ffmpeg.org?subject=subscribe>
Reply-To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org>
Cc: Zhao Zhili <quinkblack@foxmail.com>
Errors-To: ffmpeg-devel-bounces@ffmpeg.org
Sender: "ffmpeg-devel" <ffmpeg-devel-bounces@ffmpeg.org>

If sc->ctts_allocated_size is larger than the new buffer size,
av_fast_realloc() will return NULL. Since sc->ctts_data is freed,
ctts_allocated_size should be reset to zero. It's better to avoid
free sc->ctts_data at the first place to make better use of
av_fast_realloc().
---
 libavformat/mov.c | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/libavformat/mov.c b/libavformat/mov.c
index dcd263b02a..fcb5a583bd 100644
--- a/libavformat/mov.c
+++ b/libavformat/mov.c
@@ -3014,6 +3014,7 @@ static int mov_read_ctts(MOVContext *c, AVIOContext *pb, MOVAtom atom)
 {
     AVStream *st;
     MOVStreamContext *sc;
+    MOVStts *ctts_data;
     unsigned int i, entries, ctts_count = 0;
 
     if (c->fc->nb_streams < 1)
@@ -3031,10 +3032,13 @@ static int mov_read_ctts(MOVContext *c, AVIOContext *pb, MOVAtom atom)
         return 0;
     if (entries >= UINT_MAX / sizeof(*sc->ctts_data))
         return AVERROR_INVALIDDATA;
-    av_freep(&sc->ctts_data);
-    sc->ctts_data = av_fast_realloc(NULL, &sc->ctts_allocated_size, entries * sizeof(*sc->ctts_data));
-    if (!sc->ctts_data)
+    ctts_data = av_fast_realloc(sc->ctts_data, &sc->ctts_allocated_size, entries * sizeof(*sc->ctts_data));
+    if (!ctts_data) {
+        av_freep(&sc->ctts_data);
+        sc->ctts_allocated_size = 0;
         return AVERROR(ENOMEM);
+    }
+    sc->ctts_data = ctts_data;
 
     for (i = 0; i < entries && !pb->eof_reached; i++) {
         int count    = avio_rb32(pb);